Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

1 rule found for "CVE-2022-41120"

3,731Total
3,132Detection
457Emerging
139Hunting
Emerging Threathightest

Suspicious Sysmon as Execution Parent

Detects suspicious process executions in which Sysmon itself is the parent of a process, which could be a sign of exploitation (e.g. CVE-2022-41120)

WindowsProcess Creation
Florian Roth (Nextron Systems)+1Thu Nov 102022